Chino.io provides many more guarantees than typical clouds

In terms of legal responsibility, Chino.io gives you much more than a classical cloud
provider, since it also covers technical requirements, such as the storage and protection of your
sensitive health data.

Keep in mind also that with Chino.io you can achieve application-level (or record-level) encryption,
so an attacker who breaches your applications cannot access your health data.

Chino.io's main security & compliance features

Encryption

Record level encryption with AES-256 and HTTPS/TLS for transmission.
Secure indexing and tokenization for search operations.
Encryption keys (for each user) managed according to HSM standards.

Access control

Flexible and granular access control policies to define access
rights for single users (or groups of users) to single documents (or collections of
documents).

Immutable audit logs

Legally valid immutable logging system. Tracking of who accesses data, when it was
accessed, and from where.
Logs contain enough information in case of legal disputes, without violating users'
privacy.

Compliance requirements

Consent tracking via the API and available in the Console, Right to be Forgotten (RTBF)
via API and encryption key deletion, data portability via API and Console using JSON
data encoding.

API security & monitoring

Constant (24/7) security monitoring of the API status, attacks, and anomalies in the
system.
State-of-the-art standards for API security, and constant updates of tools, plugins and
libraries.

Backups

Daily incremental backups stored encrypted with AES-256 in two separate physical
locations.
Weekly backup history, plus four backups for the current month and one backup for each
month for 6 months.

The service that decodes security & compliance for you

Each API call uses HTTPS/TLS to protect data transfers, while all documents at rest are
encrypted using AES-256. Each user has different encryption keys, stored in different
locations.

Access Control

Flexible and granular access control policies can be set up via the API to define access
rights for single users or groups of users to single documents or collections of
documents.

Backups

Daily incremental backups of all data. Backups are encrypted using AES-256 and
transferred to a different physical location.

Audit log

Control who accesses your data, when it was accessed, and from where. Logs are legally valid
and non-modifiable.

API security

We provide one (or more) physical server per customer at your service. We provide only the
state of the art in terms of security and power.

Intrusion detection

Constant (24/7) security monitoring of API behavior, attacks, and any anomaly in the
system.
The technology was partially developed within the C3ISP EU innovation project.

Certified even for medical grade software

Certified ISO 9001

The Chino.io ISO 9001 certification means that Chino.io has established, maintains, and constantly
improves the organizational structure, responsibilities, procedures, processes, and resources to
consistently satisfy ISO 9001 quality requirements. ISO 9001 is a necessary certificate for all
service providers in the medical context where end products (medical devices or software) must be ISO
13485 certified. Download the certificate here.

Certified ISO 27001

ISO 27001 is a security management standard that specifies security management best practices and
comprehensive security controls following the ISO 27002 best practice guidance. Chino.io implements
all controls and constantly improves its Security Management System, exceeding the requirements and
keeping its services always at a state-of-the-art level in terms of security best practices. Download the certificate here.
